[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: dropping setuid/setgid privileges

From: Sergey Poznyakoff
Subject: Re: dropping setuid/setgid privileges
Date: Thu, 11 Jun 2009 21:28:05 +0300

Bruno Haible <address@hidden> ha escrit:

> What is the use-case that you are considering? A setuid/setgid executable,
> or an executable run by root?

I was considering an executable run by root.

> And what task does it do, related to the user's data and devices?

Retaining supplementary is often necessary for the program to be
able to access various files. I use this approach in Mailfromd

> >   idpriv_drop_grp (size_t ngrp, gid_t *groups)
> Should that drop the specified supplementary groups (and keep the rest),
> or keep the specified supplementary groups?

It should keep only the specified supplementary groups and
drop the rest. If ngrp==0 it should drop all supplementary


reply via email to

[Prev in Thread] Current Thread [Next in Thread]